System and method for supporting multiple certificate status providers on a mobile communication device

ABSTRACT

A method and system for supporting multiple digital certificate status information providers are disclosed. An initial service request is prepared at a proxy system client module and sent to a proxy system service module operating at a proxy system. The proxy system prepares multiple service requests and sends the service requests to respective multiple digital certificate status information providers. One of the responses to the service requests received from the status information providers is selected, and a response to the initial service request is prepared and returned to the proxy system client module based on the selected response.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims the benefit of and priority to U.S. ProvisionalPatent Application Ser. No. 60/365,534, filed Mar. 20, 2002, the entiredisclosure of which is incorporated herein by reference.

BACKGROUND

1. Technical Field

This invention relates generally to the field of secure electronicmessaging and in particular to checking the status of digitalcertificates.

2. Description of the State of the Art

Known secure messaging clients including, for example, e-mail softwareapplications operating on desktop computer systems, maintain a datastore, or at least a dedicated data storage area, for secure messaginginformation such as digital certificates. A digital certificate normallyincludes the public key of an entity as well as identity informationthat is bound to the public key with one or more digital signatures. InSecure Multipurpose Internet Mail Extensions (S/MIME) messaging forexample, a public key is used to verify a digital signature on areceived secure message and to encrypt a session key that was used toencrypt a message to be sent. In other secure messaging schemes, publickeys may be used to encrypt data or messages. If a public key is notavailable at the messaging client when required for encryption ordigital signature verification, then the digital certificate, or atleast the public key, must be loaded onto the messaging client beforethese operations can be performed.

Typically, a digital certificate is checked against a CertificateRevocation List (CRL) to determine if the digital certificate has beenrevoked by its issuer. This check is typically performed when a digitalcertificate is first received and periodically thereafter, for examplewhen a new CRL is received. However, CRLs tend to be relatively bulky,so that transfer of CRLs to messaging clients consume considerablecommunication resources, and storage of CRLs at a messaging client mayconsume significant memory space. CRL-based revocation status checks arealso processor-intensive and time consuming. These effects can beparticularly pronounced in messaging clients operating on wirelessmobile communication devices, which operate within bandwidth-limitedwireless communication networks and may have limited processing andmemory resources. In addition, revocation status is updated in CRL-basedsystems only when a new CRL is distributed.

Another scheme for digital certificate revocation status checkinginvolves querying remote systems which maintain digital certificaterevocation status information. A difficulty with this scheme is that itrequires a separate request-response exchange for each remote system tobe queried. These exchanges may cause significant time delays andconsume significant amounts of available communication bandwidth,particularly for secure messaging clients operating on wireless mobilecommunication devices.

Digital certificate validity checks may similarly be processor intensiveand time consuming for messaging clients operating on constraineddevices. Digital certificate validity checks may similarly be performedby remote systems and may be useful for such devices, but as describedabove, typical schemes are not particularly suitable when multipleremote systems are to be queried.

SUMMARY

According to an aspect of the invention, a method of accessing multipledigital certificate status information providers to obtain digitalcertificate status information comprises the steps of receiving arequest for digital certificate status information from a communicationdevice, generating multiple service requests based upon the receivedrequest, each of the multiple service requests corresponding to adigital certificate status information provider, sending the generatedmultiple service requests to their corresponding digital certificatestatus information providers, receiving a response comprising digitalcertificate status information from at least one of the digitalcertificate status information providers, generating a response to therequest for digital certificate status information using at least aportion of the received digital certificate status information, andsending the generated response to the request to the communicationdevice.

An apparatus for accessing multiple digital certificate statusinformation providers to obtain digital certificate status informationfor a communication device, according to another aspect of theinvention, comprises means for receiving a request regarding digitalcertificate status information from the communication device, means forgenerating multiple service requests based upon the received request,each generated service request corresponding to a digital certificatestatus information provider, means for sending the generated multipleservice requests to their corresponding status information providersover a computer network, and means for receiving over a computer networka response containing digital certificate status information from atleast one of the status information providers, wherein at least aportion of the received digital certificate status information is usedin providing a status information response to the communication device.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a messaging system.

FIG. 2 is a block diagram illustrating a secure e-mail message exchangein a messaging system.

FIG. 3 is a block diagram of a system which supports multiple digitalcertificate status information providers.

FIG. 4 is a flow diagram illustrating a method of supporting multipledigital certificate status information providers.

FIG. 5 is a block diagram of a system having multiple proxy systemclient modules which support multiple digital certificate statusinformation providers.

FIG. 6 is a block diagram of a wireless mobile communication device.

FIG. 7 is a block diagram illustrating a multiple messaging schemeutilizing an intermediate computer system.

FIG. 8 is a block diagram showing an example communication system.

FIG. 9 is a block diagram of an alternative example communicationsystem.

FIG. 10 is a block diagram of another alternative communication system.

DETAILED DESCRIPTION

A secure message is a message that has been processed by a messagesender, or possibly by an intermediate system between a message senderand a message receiver, to ensure one or more of data confidentiality,data integrity and user authentication. Common techniques for securemessaging include signing a message with a digital signature and/orencrypting a message. For example, a secure message may be a messagethat has been signed, or encrypted, or encrypted and then signed, orsigned and then encrypted according to variants of Secure MultipurposeInternet Mail Extensions (S/MIME).

A messaging client allows a system on which it operates to receive andpossibly also send messages. Messaging clients may operate on a computersystem, a handheld device, or any other system or device withcommunications capabilities. Many messaging clients also have additionalnon-messaging functions.

FIG. 1 is a block diagram of an exemplary messaging system. There aremany different messaging system topologies, and the system shown in FIG.1 is but one of many that may be used with the systems and methodsdisclosed herein.

The system 10 includes a Wide Area Network (WAN) 12, coupled to acomputer system 14, a wireless network gateway 16 and a corporate LocalArea Network (LAN) 18. The wireless network gateway 16 is also connectedto a wireless communication network 20 in which a wireless mobilecommunication device 22 (“mobile device”), is configured to operate. Anexemplary mobile device 22 may be of the type disclosed in U.S. Pat. No.6,278,442, entitled “HAND-HELD ELECTRONIC DEVICE WITH A KEYBOARDOPTIMIZED FOR USE WITH THE THUMBS,” the entire disclosure of which isincorporated herein by reference.

The computer system 14 represents a desktop or laptop PC that isconfigured for connection to the WAN 12. The WAN 12 can be a privatenetwork, or a larger publicly accessible network, such as the Internet.PCs such as the computer system 14 normally access the Internet throughan Internet Service Provider (ISP), Application Service Provider (ASP)or the like.

The corporate LAN 18 is an example of a network-based messaging client.As shown, a corporate LAN 18 is normally located behind a securityfirewall 24. Within the corporate LAN 30 is a message server 26, runningon a computer within the firewall 24, that functions as the maininterface for the corporation to exchange messages both within the LAN18 and with other external messaging clients via the WAN 20. Two of themost common message servers 26 are the Microsoft™ Exchange and LotusDomino™ server products. These servers are often used in conjunctionwith Internet mail routers that route and deliver mail. A message server26 may extend beyond just message sending and receiving, providing suchfunctionality as dynamic database storage engines that have predefineddatabase formats for data like calendars, to-do lists, task lists,e-mail and documentation.

The message server 26 provides messaging capabilities to one or morenetwork computer systems 28 in the LAN 18. A typical LAN includesmultiple computer systems shown generally as computer systems 28, eachof which implements a messaging client, most often as a softwareapplication such as Microsoft Outlook™, for messaging functions. In thenetwork 18, messages are received by the message server 26, distributedto the appropriate mailboxes for user accounts addressed in the receivedmessage, and can be accessed by a user through a computer in the one ormore computer systems 28. Although messaging clients in the LAN 18operate on the computer systems 28, there are also known messagingclients that operate in conjunction with handheld devices and othersystems or devices with electronic messaging capabilities. Like themessage server 26, a messaging client may also have additionalnon-messaging functions.

The wireless network gateway 16 provides an interface to a wirelessnetwork 20, through which messages may be exchanged with a mobile device22. Such functions as addressing of a mobile device 22, encoding orotherwise transforming messages for wireless transmission, and any otherrequired interface functions are performed by the wireless networkgateway 16. Where the wireless network gateway 16 is configured foroperation in conjunction with more than one wireless network 20, thewireless network gateway 16 may also determine a most likely network forlocating a given user and track users as they roam between countries ornetworks.

Any computer system with access to the WAN 12 may exchange messages witha mobile device 22 through the wireless network gateway 16.Alternatively, private wireless network gateways such as wirelessVirtual Private Network (VPN) routers could also be implemented toprovide a private interface to a wireless network such as 20. Forexample, a wireless VPN implemented in the LAN 18 provides a privateinterface from the LAN 18 to one or more mobile devices through thewireless network 20.

Such a private interface to wireless devices via the wireless networkgateway 16 and/or the wireless network 20 can effectively be extended toentities outside the LAN 18 by providing a message forwarding orredirection system which operates with the message server 26. In thistype of system, incoming messages received by the message server 26 andaddressed to a user that has a mobile device 22 are redirected throughthe wireless network interface, either a wireless VPN router, thegateway 16 or another interface, for example, to the wireless network 20and to the user's mobile device 22. An exemplary redirector systemoperating on the message server 26 may be of the type disclosed in U.S.Pat. No. 6,219,694, entitled “SYSTEM AND METHOD FOR PUSHING INFORMATIONFROM A HOST SYSTEM TO A MOBILE DATA COMMUNICATION DEVICE HAVING A SHAREDELECTRONIC ADDRESS,” the entire disclosure of which is incorporatedherein by reference.

In wireless networks such as 20, messages are normally delivered to andfrom mobile devices such as the mobile device 22 via RF transmissionsbetween base stations in the wireless network 20 and mobile devices.Modern wireless networks typically serve thousands of subscribers, eachsubscriber having a mobile device. The wireless network 20 may be one ofmany different types of wireless network, such as a data-centricwireless network, a voice-centric wireless network or and a dual-modenetworks that can support both voice and data communications over thesame physical base stations. Dual-mode networks include, but are notlimited to recently-developed Code Division Multiple Access (CDMA)networks, the Groupe Special Mobile or the Global System for MobileCommunications (GSM) and the General Packet Radio Service (GPRS), andfuture third-generation (3G) networks like Enhanced Data rates forGlobal Evolution (EDGE) and Universal Mobile Telecommunications Systems(UMTS). GPRS is a data overlay on the GSM wireless network, operating invirtually every country in Europe. In addition to these illustrativewireless networks, other wireless networks may also be used.

Other examples of data-centric networks include, but are not limited tothe Mobitex™ Radio Network (“Mobitex”) and the DataTAC™ Radio Network(“DataTAC”). Examples of older voice-centric data networks includePersonal Communication Systems (PCS) networks like CDMA, GSM, and TimeDivision Multiple Access (TDMA).

The mobile device 22 may be a data communication device, a voicecommunication device, or a multiple-mode device capable of voice, dataand other types of communications. An exemplary mobile device 22 isdescribed in further detail below and with reference to FIG. 6.

Perhaps the most common type of messaging currently in use is e-mail. Ina standard e-mail system, an e-mail message is sent by an e-mail sender,possibly through a message server and/or a service provider system, andtypically routed through the Internet to one or more message receivers.E-mail messages are normally sent unencrypted and use traditional SimpleMail Transfer Protocol (SMTP), RFC822 headers and MIME body parts todefine the format of the e-mail message. As described briefly above, amessage that is routed to an addressed message receiver can beredirected to a mobile device. Since a wireless link cannot bephysically secured in the same way as a wired connection, messages areoften encrypted for transfer through a wireless network. Overall messagesecurity can be further enhanced if a secure transfer mechanism is alsoused between the message sender and each recipient.

In recent years, secure messaging techniques have evolved to protectboth the content and integrity of messages such as e-mail messages.S/MIME and Pretty Good Privacy™ (PGP™) are two public key secure e-mailmessaging protocols that provide for both encryption, to protect datacontent, and signing, which both protects the integrity of a message andprovides for sender authentication by a message receiver. Securemessages may also be encoded, compressed or otherwise processed inaddition to being encrypted and/or signed.

FIG. 2 is a block diagram illustrating a secure e-mail message exchangein a messaging system. The system includes an e-mail sender 30, coupledto a WAN 32 and a wireless gateway 34, which provides an interfacebetween the WAN 32 and a wireless network 36. A mobile device 38 isadapted to operate within the wireless network 36. Also shown in FIG. 2are digital certificate status information providers 35 and 37 and aproxy system 39, both coupled to the WAN 32.

The e-mail sender 30 may be a PC, such as the system 14 in FIG. 1, ormay be a network-connected computer, such as a computer system 28 inFIG. 1. The e-mail sender 30 may also be another mobile device on whiche-mail messages may be composed and sent. The WAN 32, the wirelessgateway 34, the wireless network 36, and the mobile device 38 aresubstantially the same as similarly labelled components in FIG. 1.

According to secure messaging schemes such as S/MIME and PGP, a messageis encrypted using a one-time session key chosen by the e-mail sender30. The session key is used to encrypt the message body and is thenitself encrypted using the public key of each addressed message receiverto which the message is to be sent. As shown at 40, a message encryptedin this way includes an encrypted message body 44 and an encryptedsession key 46. In this type of message encryption scheme, a messagesender such as e-mail sender 30 must have access to the public key ofeach entity to which an encrypted message is to be sent.

A secure e-mail message sender such as 30 normally signs a message bytaking a digest of the message and signing the digest using the sender'sprivate key. A digest may, for example, be generated by performing acheck-sum, a Cyclic Redundancy Check (CRC), a digest algorithm such asMessage Digest Algorithm 5 (MD5), a hash algorithm such as SecureHashing Algorithm 1 (SHA-1), or some other preferably non-reversibleoperation on the message. In the example shown in FIG. 2, both theencrypted message body 44 and the encrypted session key 46 are used togenerate a digest. This digest is then signed by the sender 30 using thesender's private key. The signature private key is used, for example, toperform an encryption or other transformation operation on the digest togenerate the digest signature. A digital signature, including the digestand the digest signature, is then appended to the outgoing message, asshown at 42. A digital certificate of the sender, which includes thesender's public key and sender identity information that is bound to thepublic key with one or more digital signatures, and possibly any chaineddigital certificates and CRLs associated with the sender's digitalcertificate and any chained digital certificates, may also be attachedto the secure message 40.

The secure e-mail message 40 sent by the e-mail sender 30 includes thedigital signature 42, as well as the encrypted message body 44 and theencrypted session key 46, both of which are signed. In the S/MIME securemessaging technique, digital certificates, CRLs and digital signaturesare normally placed at the beginning of a message, and the message bodyis included in a file attachment. Messages generated by other securemessaging schemes may place message components in a different order thanshown or include additional and/or different components. For example, asecure message such as 40 may include addressing information, such as“To:” and “From:” email addresses, and other header information.

When the secure e-mail message 40 is sent from the e-mail sender 30, itis routed through the WAN 32 to the wireless network 36 and the mobiledevice 38. The transmission path between the e-mail sender 30 and themobile device 38 may also include additional or different componentsthan those shown in FIG. 2. For example, the secure e-mail message 40may be addressed to a mailbox or data store associated with a messageserver or data server which has been wirelessly enabled to forward orsend received messages and data to the mobile device 38. Furtherintermediate systems may also store and/or route the secure message tothe mobile device 38. The exemplary system as previously described andas disclosed in U.S. Pat. No. 6,219,694 is an example of one suchsystem.

In addition, the secure message 40 may be routed or forwarded to themobile device 38 through other transport mechanisms than the wirelessgateway 34. For example, routing to the wireless network 36 may beaccomplished using a wireless VPN router associated with the e-mailsender 30, or, in the case of a message being received at anintermediate computer system or server and then forwarded to the mobiledevice 38, with the computer system or server.

Regardless of whether a signed message is sent directly to the mobiledevice 38 or forwarded to the mobile device 38 by intermediate systemsor components, when a signed message is received, the mobile device 38may verify the digital signature 42. In order to verify the digitalsignature 42, the mobile device 38 uses a digital signature checkalgorithm corresponding to the signature generation algorithm used bythe message sender, which may be specified in a message header or in thedigital signature 42, and the sender's public key. If a secure messageincludes the sender's digital certificate, then the sender's public keymay be extracted from the digital certificate. The sender's public keymay instead be retrieved from a local store, for example, where thepublic key was extracted from an earlier message from the sender andstored in a key store in the receiver's local store or the sender'sdigital certificate is stored in the local store, or from a Public KeyServer (PKS). A PKS is a server that is normally associated with aCertificate Authority (CA) from which a digital certificate for anentity, including the entity's public key, is available. A PKS mightreside within a corporate LAN such as LAN 18 of FIG. 1, or anywhere onthe WAN 32, Internet or other network or system through which messagereceivers may establish communications with the PKS.

Although digital signature algorithms and digest algorithms may bepublicly known, a sender signs an original message using its own privatekey. Therefore, an entity that alters an original message cannotgenerate a digital signature that can be verified with the sender'spublic key. If a sent message is altered by an attacker after it hasbeen signed by a sender, then the digital signature verification basedon the sender's public key fails. These mathematical operations do notprevent anyone from seeing the contents of the secure message, but doensure that the message has not been tampered with because it was signedby the sender, and that the message was signed by the person asindicated in the “From” field of the message.

When the digital signature 42 has been verified, or sometimes even ifdigital signature verification fails, the encrypted message body 44 isthen decrypted before it can be displayed or further processed by areceiving messaging client operating on the mobile device 38 in FIG. 2.A receiving messaging client uses its private key to decrypt theencrypted session key 46 and then uses the decrypted session key todecrypt the encrypted message body 44 and thereby recover the originalmessage. Those skilled in the art will appreciate that an entity mayhave more than one associated cryptographic key pair, such as asignature private/public key pair and an encryption private/public keypair. Thus, the mobile device 38 may use one private key to decrypt theencrypted message body 44, and a different private key to digitally signan outgoing secure message.

An encrypted message that is addressed to more than one receiverincludes an encrypted version of the session key, for each receiver,that was encrypted using the public key of the receiver. Each receiverperforms the same digital signature verification operations, butdecrypts a different one of the encrypted session keys using its ownprivate key.

Therefore, in a secure messaging system, a sending messaging clientshould have access to the public key of any receiver to which anencrypted message is to be sent. A receiving messaging client should beable to retrieve the sender's public key, which may be available to amessaging client through various mechanisms, in order to verify adigital signature in a signed message. Although the mobile device 38 isa receiver of the secure message 40, the mobile device 38 may be enabledfor two-way communications, and may therefore access public keys forboth message sending and message receiving operations.

Public keys are commonly provided in digital certificates. As describedabove, a digital certificate for any particular entity typicallyincludes the entity's public key and identification information that isbound to the public key with a digital signature. Several types ofdigital certificates are currently in widespread use, including forexample X.509 digital certificates which are typically used in S/MIME.PGP uses digital certificates with a slightly different format. Systemsand methods discussed herein may be used with any of these types ofdigital certificate, as well as other types of digital certificates,both currently known types as well as others that may be developed inthe future. The digital signature in a digital certificate is generatedby the issuer of the digital certificate, and can be checked by amessage receiver substantially as described above. A digital certificatesometimes includes an expiry time or validity period from which amessaging client may determine if the digital certificate has expired.Verification of the validity of a digital certificate may also involvetracing a certification path through a digital certificate chain, whichincludes a user's digital certificate as well as other digitalcertificates to verify that the user's digital certificate is authentic.

A digital certificate may also be checked to ensure that it has not beenrevoked. As described above, digital certificate revocation status maybe checked by consulting a CRL or by requesting digital certificatestatus information from a digital certificate revocation statusinformation source. In the system of FIG. 2, a user of the mobile device38 may submit a revocation status request for any digital certificatestored at the mobile device 38 to one of the status informationproviders 35 and 37. The provider 35 or 37 then returns revocationstatus information for that digital certificate to the mobile device 38.In order to query both of the status providers 35 and 37, a separaterequest is sent to each status provider.

Online Certificate Status Protocol (OCSP) is one scheme that providesfor determination of digital certificate revocation status withoutrequiring CRLs. Versions of OCSP have been defined, for example, in RFC2560 and in the Internet-Draft “Online Digital Certificate StatusProtocol, version 2”, both available from the Internet Engineering TaskForce (IETF). OCSP is one of the most widely used digital certificaterevocation status check protocols and is therefore used herein as anillustrative example of such schemes. The systems and methods describedherein, however, may also be applicable to other types of digitalcertificate revocation status checking schemes involving retrieval ofrevocation status information from remote sources.

According to OCSP, a request is submitted to a status informationprovider, generally referred to as an OCSP responder. Upon receipt of aproperly formatted request, an OCSP responder returns a response to therequestor. An OCSP request includes at least an OCSP protocol versionnumber, a service request, and an identification of a target digitalcertificate to which the request is related.

The version number identifies the version of OCSP with which the requestcomplies. The service request specifies the type of service beingrequested. For OCSP version 2, Online Revocation Status (ORS), DelegatedPath Validation (DPV) and Delegated Path Discovery (DPD) services havebeen defined. Through the ORS service, a messaging client may obtainrevocation status information for digital certificates. The DPV and DPDservices effectively delegate digital certificate validationpath-related processing to a remote system.

Normally, a target digital certificate is identified in an OCSP requestusing a hash of the distinguished name (DN) of the issuer of the digitalcertificate, as well as the serial number of the digital certificate.However, since multiple digital certificate issuers may use the same DN,further identification information, in the form of a hash of theissuer's public key, is also included in the request. Therefore, targetdigital certificate information in an OCSP request includes a hashalgorithm identifier, a hash of the DN of the digital certificate issuergenerated using the hash algorithm, a hash of the issuer's public key,also generated using the hash algorithm, and the serial number of thetarget digital certificate.

The request may or may not be signed by a requestor. Further optionalinformation may also be included in a request and processed by an OCSPresponder.

When a messaging client is operating on a mobile device, OCSP may bedesirable in that it reduces the processing and memory resourcesnecessary to check revocation status of a digital certificate relativeto CRL-based revocation status checking. However, OCSP requests can berelatively long and thereby consume limited wireless communicationresources. Request overhead can be particularly large when requests aresubmitted to more than one status provider, for example when an errormessage is returned in response to a request to a status provider. Theproxy system 39, in conjunction with an appropriately enabled mobiledevice 38, or possibly any other system on which a messaging clientoperates, may be used to optimize OCSP and similar protocols formultiple remote systems, as described in further detail below.

FIG. 3 is a block diagram of a system which supports multiple digitalcertificate status information providers. The mobile device 38 includesa memory 52, a messaging system 60, a proxy system client module 62, auser interface (UI) 64, and a wireless transceiver 65. The memory 52includes a storage area for a digital certificate store 54, as well asdata stores such as an address book 56 in which messaging contactinformation is stored, and an application data store 58 which storesdata associated with software applications on the mobile device 38. Datastores 56 and 58 are illustrative examples of stores that may beimplemented in a memory 52 on mobile device 38. The memory 52 may alsobe used by other device systems in addition to those shown in FIG. 3 tostore other types of data.

The memory 52 is illustratively a writable store such as a RAM intowhich other device components may write data. The digital certificatestore 54 is a storage area that is dedicated to storage of digitalcertificates on the mobile device 38. Digital certificates may be storedin the digital certificate store 54 in the format in which they arereceived, or may alternatively be parsed or otherwise translated into astorage format before being written to the store 54.

The messaging system 60 is connected to the wireless transceiver 65 andis thus enabled for communications via a wireless network. The messagingsystem 60 may be a messaging client embodied in a software application.

The proxy system client module 62, which may be implemented as asoftware application or component, may be coupled to the messagingsystem 60, the digital certificate store 54, and the mobile device's UI64, as shown. Revocation status for any of the digital certificatesstored in the digital certificate store 54, or those received by themessaging system 60 but not yet stored in the digital certificate store54, may be checked using the proxy system client module 62.

The UI 64 may include such UI components as a keyboard or keypad, adisplay, or other components which accept inputs from or provide outputsto a user of the mobile device 38. Although shown as a single block inFIG. 3, a mobile device 38 typically includes more than one UI, and theUI 64 therefore represents one or more user interfaces.

The wireless network 36, the wireless gateway 34, the WAN 32, and thestatus information providers 35 and 37 are substantially the same assimilarly-labelled components in FIG. 2.

The proxy system 39 includes a proxy system service module or component68 and status provider client modules 66 and 67. The proxy systemservice component 68 is configured to exchange information with theproxy system client module 62, and the status provider client modules 66and 67 are respectively adapted to exchange information with the statusinformation providers 35 and 37. The status provider client modules 66and 67 and the proxy system service module 68 are preferably softwareapplications or modules operating at the proxy system 39. These softwareapplications may be a single program, or may alternatively be separateprograms executed independently.

In operation, the messaging system 60 on the mobile device 38 receivesand possibly sends secure messages via the wireless network 36 asdescribed above. When a signature on a received secure message is to beverified or a message is to be sent with an encrypted session key, themessaging system 60 may retrieve a public key for an entity (i.e., asender of a received message or a recipient of a message to be sent)from a digital certificate or a key store on the mobile device 38.Before the public key is used, however, the messaging system 60 or auser thereof may wish to check that a digital certificate containing thepublic key is valid and has not been revoked.

Digital certificate checking operations may be performed automatically,when a digital certificate is received, for example, periodically, atpredetermined or user-configurable intervals, or when invoked by a userthrough a UI 64. Different types of digital certificate checkingoperations may also be dependent upon different controls. For instance,where the validity and revocation status of a digital certificate ischecked when the digital certificate is first loaded onto the mobiledevice 38, the digital certificate may be assumed to be valid until anexpiry time or during a validity period specified in the digitalcertificate. However, its revocation status may thereafter be checkedonce every week.

As described above, digital certificate status information requests to aremote information provider such as 35 or 37 may be relatively long andare therefore not optimal for implementation in a mobile device 38 orother bandwidth-limited communication systems. Time delays and datatransfers involved in submitting requests to each of multiple statusinformation providers can be undesirable even for less constrainedsystems. The proxy system client module 62 and service module 68 arepreferably adapted to gather digital certificate status requestinformation which is used to request status information for a digitalcertificate from all known status information providers.

When a user of the mobile device 38 wishes to check the revocationstatus of a digital certificate, for example, the proxy system clientmodule 62, or possibly a software application which operates inconjunction with the proxy system client module 62, may be invoked, byentering an appropriate command on a UI 64 such as a keyboard. The usermay also specify the particular digital certificate to be checked, forinstance using the serial number or subject name of the digitalcertificate. Alternatively, the proxy system client module 62 may accessthe digital certificate store 54 to display to the user a list ofcurrently stored digital certificates, from which the user may selectone or more digital certificates to be checked.

The proxy system client module 62 then preferably either extracts fromthe selected digital certificate(s) or obtains from the user through aUI 64, any information required by the proxy system service module 68for a digital certificate revocation status check. Since the proxysystem 39 provides an interface between the mobile device 38 and thestatus information providers 35 and 37, requests and responses betweenthe proxy system client module 62 and proxy system service module 68need not conform to the protocol used between the status provider clientmodules 66 and 67 and the respective status information providers 35 and37. Therefore, although the status providers 35 and 37 and clientmodules 66 and 67 may support OCSP or a similar protocol, the proxysystem service module 68 and client module 62 may support a more compactprotocol involving less data exchange.

The particular information extracted or obtained by the proxy systemclient module 62 is dependent upon the communication protocolimplemented between the proxy system client module 62 and service module68. The proxy system client module 62 can preferably extract a digitalcertificate subject name, serial number, issuer name, and other digitalcertificate information from a digital certificate in the digitalcertificate store 54. If digital certificates are first parsed and thenparsed data is stored in the digital certificate store 54, then suchinformation may be extracted from the parsed data in the digitalcertificate store 54 by the proxy system client module 62. If furtherinformation is required, a user may be prompted to enter theinformation. For example, if the proxy system 39 is configured to storea mapping table or like element which maintains a correspondence betweendigital certificate issuers and serial numbers and/or subject names,then the status provider client modules 66 and 67 may format requestsfor the status information providers 35 and 37 based on only a serialnumber or subject name received by the proxy system service module 68from the proxy system client module 62.

The proxy system client module 62 preferably gathers all informationthat is required for requests to any of the status information providers35 and 37. When all required information has been extracted or otherwiseobtained by the proxy system client module 62, a request is formattedand sent to the proxy system service module 68. The content of thisrequest is also dependent upon the communication protocol used betweenthe proxy system service module 68 and client module 62. If more thanone type of service is supported, then the request may specify whichtype of service is requested. In some implementations, only a singleservice may be supported, such that no service type need be specified.

Information received by the proxy system service module 68 is preferablypassed to each status provider client module 66 and 67. This informationis then used by the status provider client modules 66 and 67 to format arequest for the respective status information providers 35 and 37. Ifthe revocation status information providers 35 and 37 and statusprovider client modules 66 and 67 support OCSP for example, informationprovided by the proxy system service module 68, as well as any furtherrequired information, are formatted into an OCSP requests. In somecases, the information provided by the proxy system service module 68may include all required information, whereas in other cases, furtherinformation may be extracted from other sources, such as the aboveexample mapping table, and included in the requests to the statusinformation providers 35 and 37.

Since the status provider client modules 66 and 67 may support differentprotocols or require different information for service requests, eachprovider may extract or use different information provided in theinitial service request received by the proxy system service module 68.For example, if the provider client module 66 requires only a subset ofthe information required by the provider client module 67, then eachstatus provider client module 66, 67 preferably extracts the informationit requires from the initial request or retrieves the information itrequires from the initial request, or from a version of the initialrequest, or parsed data extracted therefrom, stored to a data store atthe proxy system 39. Alternatively, the proxy system service module 68is configured to pass any required information to each provider clientmodule 66 and 67. The length of the initial request may then be furtherreduced by configuring the proxy system client module 62 to include anyinformation required by the provider client modules 66 and 67 in theinitial request only once. Redundancy in, and thus the length of, theinitial request is thereby reduced, since common information required bymore than one provider client module appears in the initial request onlyonce, but can be extracted or retrieved by, or passed to, each providerclient module 66 and 67.

Thus, the proxy system 39 requests digital certificate statusinformation from multiple status information providers for which aprovider client module has been implemented, responsive to a singleinitial request to the proxy system 39. According to known techniques,separate requests are submitted to each status information provider 35and 37 by the mobile device 38.

A determination of the particular status information providers to whicha request will be sent in response to an initial request from the mobiledevice 38 may be made in any of several ways. A proxy system 39 may senda request to every status information provider for which a providerclient module has been implemented, or possibly to each statusinformation provider in a default list stored at the proxy system 39.Similarly, a default, possibly user-configurable, list of statusinformation providers may be stored at the mobile device 38 and includedin the initial request sent from the mobile device 38. In this case, theproxy system 39 may store the default list received in an initialrequest from the mobile device 38, and then use the default list forsubsequent initial requests from the mobile device 38, until a newdefault list for the mobile device 38 is received. Alternatively, a usermay select or specify status information providers to be used to providethe requested service. User-selected or specified status informationproviders in an initial request may over-ride any default list of statusinformation providers. Preferred status information providers may alsobe included in each digital certificate stored in the digitalcertificate store 54 or received by the mobile device 38 and submittedto the proxy system service module 68 when such a digital certificate isa target digital certificate in an initial request.

In FIG. 3, the status provider 37 may support an ORS or like service.Upon receiving a request, each status information provider 35 and 37,which will be OCSP responders when the providers 35 and 37 and clientmodules 66 and 67 support OCSP, checks the request to ensure that it isformatted properly, that the requested service is a service that it isconfigured to provide, and that the request includes all of theinformation required for the requested service. If these conditions arenot met, then a provider 35 or 37 may return an error message to itsclient module 66 or 67. Each client module 66 and 67 may then performerror processing if it is so configured, including such operations asproviding any missing required information, requesting missinginformation from the mobile device 38 through the proxy system servicemodule 68, or returning an error message to the proxy system servicemodule 68. Responsive to an error message from a client module 66 or 67,the proxy system service module 68 preferably formats and sends an errormessage to the proxy system client module 62 as a response to itsinitial service request. Other conditions, such as when a provider 35 or37 receives an unsigned request but is configured to expect signedrequests, or when a provider service is unable to respond, may alsoresult in an error message being returned to a provider client module 66or 67. Since digital certificate status information is requested frommultiple status information providers 35 and 37 however, errorprocessing may possibly be invoked only when all status informationproviders 35 and 37 to which requests have been sent return an errormessage.

If the request meets the above conditions, then a so-called “definitive”response is returned to the corresponding provider client module 66 or67. A definitive response typically includes one of a plurality ofstatus indications, such as a “valid” or like indication when a targetdigital certificate has not been revoked, a “revoked” indication whenthe target digital certificate has been revoked, or an “unknown”indication if the status provider 35 or 37 has no record or knowledge ofthe target digital certificate.

Since a request is sent to each status information provider 35 and 37,responses may be received by more than one of the provider clientmodules 66 and 67. Any responses are preferably passed to the proxysystem client module 68, which selects one of the responses to be usedin preparing a response that will be returned to the proxy system clientmodule 62 on the mobile device 38. In this configuration, the proxysystem service module 68 uses the first definitive response to prepare aresponse to the proxy system client module 62. If no definitive responseis received, then an error or similar response may be prepared by theproxy system service module 68 and returned to the proxy system clientmodule 62 to indicate this result. Other selection criteria, including astatus information provider ranking list, for example, may also be usedto control which one of multiple responses will be returned to the proxysystem client module 62 or used to prepare a response to the proxysystem client module 62. Such a ranking may be established at the proxysystem 39 or at the mobile device 38, or specified in a digitalcertificate. Relative ranking may also be inherent in the ordering ofstatus information providers in a list that is used to control theparticular status information providers to which requests will be sentby the proxy system 39, as described above.

When a selected response from one of the status information providers 35and 37 is signed, and the proxy system client module 62 or anothercomponent on the mobile device 38 is configured to verify digitalsignatures on status responses, then the entire selected response, orpossibly only the signed portions thereof, may be forwarded to the proxysystem client module 62 substantially unchanged. If only portions of aresponse are signed, then unsigned portions of the response arepreferably removed by the proxy system service module 68 to reduce thesize of the response sent to the proxy system client module 62 via thewireless network 36. However, if the proxy system service module 68 orthe status provider client module 66 checks status response signatureson behalf of the mobile device 38, then certain parts of the response,for example the status indication and the digital certificate serialnumber or subject name, may be extracted by the proxy system servicemodule 68 and formatted into a response that is then sent to the proxysystem client module 62. The response from the proxy system servicemodule 68 is then processed by the proxy system client module 62 orpossibly another component on the mobile device 38 to determine whetheror not the digital certificate has been revoked.

The presence of a proxy system client module 62 preferably does notpreclude digital certificate validity and revocation status checksaccording to known techniques. Thus, digital certificate status checksinvolving remote systems such as the status information providers 35 and37 may be complementary to other status check operations.

FIG. 4 is a flow diagram illustrating a method of supporting multipledigital certificate status information providers. At step 80, anydigital certificates for which a status check is to be performed areidentified. As described above, this step could be performedautomatically or the digital certificates could be selected by a user.An initial request is then prepared and sent to the proxy system at step82. In some instances, the initial request includes a list of statusinformation providers to which a request should be sent, and possibly aranking list that specifies an order of preference between subsequentresponses from different status providers. As described above, a list ofstatus information providers may be arranged in order of preference toprovide both status information provider information and preferenceinformation.

At step 84, status information provider client modules at the proxysystem prepare and send service requests to each status informationprovider, such as an OCSP responder. Each status information providerthen checks its request to ensure that it is formatted properly, thatthe requested service, digital certificate revocation status in thisexample, is supported by the provider, and that all required informationis included in the request. These checks are performed by each statusinformation provider at step 86.

If the request does not satisfy these conditions, then an error messageis returned to the proxy system at step 88. Error processing may then beexecuted at step 90, to obtain further information when the request doesnot include all required information, for example, after which a newservice request may be prepared and sent to the provider at step 84.

When the request satisfies the conditions in step 86, the statusinformation provider returns a status indication to the proxy system atstep 92, in response to the service request from the proxy system. Thesteps 86, 88 and 92 are preferably performed by each status informationprovider to which a request has been sent at step 84.

At step 94, the proxy system selects one of the responses to be used inpreparing a response to the requester, the mobile device 38 in FIG. 3,for example. As described above, the first definitive response isselected, or other selection criteria may be applied. The selectedresponse, or at least parts thereof, is then returned to the requester,as a response to the initial service request, at step 96.

Although the system and method described above relate to theillustrative example of digital certificate revocation status checking,digital certificate validity checks, according to the DPV and DPDservices of OCSP or other protocols, for example, may similarly beoptimized for multiple status information providers through a proxysystem client module and service module. A proxy system may also beenabled to provide its proxy service to multiple mobile devices, and amobile device may be configured to communicate with more than one proxysystem.

In another embodiment, a mobile device 100 and proxy system 128 includemultiple client and service modules. FIG. 5 is a block diagram of asystem having multiple proxy system client modules which supportmultiple digital certificate status information providers. In FIG. 5,the memory 102, the data stores 104, 106, and 108, the messaging system110, the UI 114, the wireless transceiver 116, the wireless network 118,the wireless gateway 120, and the WAN 122 are substantially the same assimilarly labelled components in FIG. 3.

The mobile device 100 includes N client modules 112, including the proxysystem client module A 113 and the proxy system client module N 111. Theproxy system 128 includes corresponding proxy system service modules Aand N, 132 and 136. It should be appreciated that other proxy systemclient modules on the mobile device 100 may be supported by other proxysystem service modules in the proxy system 128, or by proxy systemservice modules in other proxy systems. The proxy system 128 alsoincludes status provider client modules A and N, 130 and 134, which areconfigured for communications with the status information provider A 126and the status information provider N 124, respectively.

The system shown in FIG. 5 operates substantially as described above.When the status of one or more digital certificates, such as revocationstatus for example, is to be checked, each proxy system client module113 and 111 preferably extracts or otherwise obtains informationrequired in a service request to its respective proxy system servicemodule 132 and 136. The status provider client modules 130 and 134 thenuse the information from the service request from the mobile device 100,and possibly information available at the proxy system 128, to prepare aservice request to status information providers 126 and 124. The proxysystem service modules 132 and 136, or possibly another component of theproxy system 128, are preferably configured such that only one of theresponses returned by the status information providers 126 and 124, orat least portions thereof, is reformatted if necessary and returned tothe proxy system client modules 113 and 111 at the mobile device 100.One of the responses may be selected according to any of the schemesdescribed above.

Each proxy system client module 113 and 111 may be adapted to collectrequest information and process response information for a differentremote digital certificate status check protocol. However, theinformation collected by both proxy system client modules 113 and 111may be combined into a single initial request to the proxy system 128.Each proxy system service module 132 and 136 then extracts informationfrom the service request required for a service request to itsassociated status information provider 126 and 124.

A multiple-client module system such as shown in FIG. 5 is particularlyuseful when a user wishes to check validity and/or revocation status ofan entire digital certificate chain which includes digital certificatesfor which status information is available from different statusinformation providers. In known systems, separate requests for eachdigital certificate in the chain must be sent to the status informationproviders. In the system of FIG. 5 however, only a single request needbe sent from the mobile device 100 to obtain status information from anynumber of status information providers.

FIG. 6 is a block diagram of a wireless mobile communication device. Themobile device 600 is preferably a two-way communication device having atleast voice and data communication capabilities. The mobile device 600preferably has the capability to communicate with other computer systemson the Internet. Depending on the functionality provided by the mobiledevice, the mobile device may be referred to as a data messaging device,a two-way pager, a mobile telephone with data messaging capabilities, awireless Internet appliance, or a data communication device (with orwithout telephony capabilities). As mentioned above, such devices arereferred to generally herein simply as mobile devices.

The mobile device 600 includes a transceiver 611, a microprocessor 638,a display 622, a Flash memory 624, a random access memory (RAM) 626,auxiliary input/output (I/O) devices 628, a serial port 630, a keyboard632, a speaker 634, a microphone 636, a short-range wirelesscommunications sub-system 640, and other device sub-systems 642. Thetransceiver 611 includes transmit and receive antennas 616, 618, areceiver (Rx) 612, a transmitter (Tx) 614, one or more local oscillators(LOs) 613, and a digital signal processor (DSP) 620. Within the Flashmemory 624, the mobile device 600 includes a plurality of softwaremodules 624A-624N that can be executed by the microprocessor 638 (and/orthe DSP 620), including a voice communication module 624A, a datacommunication module 624B, and a plurality of other operational modules624N for carrying out a plurality of other functions.

The mobile device 600 is preferably a two-way communication devicehaving voice and data communication capabilities. Thus, for example, themobile device 600 may communicate over a voice network, such as any ofthe analog or digital cellular networks, and may also communicate over adata network. The voice and data networks are depicted in FIG. 6 by thecommunication tower 619. These voice and data networks may be separatecommunication networks using separate infrastructure, such as basestations, network controllers, etc., or they may be integrated into asingle wireless network. References to the network 619 should thereforebe interpreted as encompassing both a single voice and data network andseparate networks.

The communication subsystem 611 is used to communicate with the network619. The DSP 620 is used to send and receive communication signals toand from the transmitter 614 and receiver 612, and may also exchangecontrol information with the transmitter 614 and receiver 612. If thevoice and data communications occur at a single frequency, orclosely-spaced set of frequencies, then a single LO 613 may be used inconjunction with the transmitter 614 and receiver 612. Alternatively, ifdifferent frequencies are utilized for voice communications versus datacommunications, then a plurality of LOs 613 can be used to generate aplurality of frequencies corresponding to the network 619. Although twoantennas 616, 618 are depicted in FIG. 6, the mobile device 600 could beused with a single antenna structure. Information, which includes bothvoice and data information, is communicated to and from thecommunication module 611 via a link between the DSP 620 and themicroprocessor 638.

The detailed design of the communication subsystem 611, such asfrequency band, component selection, power level, etc., will bedependent upon the communication network 619 in which the mobile device600 is intended to operate. For example, a mobile device 600 intended tooperate in a North American market may include a communication subsystem611 designed to operate with the Mobitex or DataTAC mobile datacommunication networks and also designed to operated with any of avariety of voice communication networks, such as AMPS, TDMA, CDMA, PCS,etc., whereas a mobile device 600 intended for use in Europe may beconfigured to operate with the GPRS data communication network and theGSM voice communication network. Other types of data and voice networks,both separate and integrated, may also be utilized with the mobiledevice 600.

Depending upon the type of network 619, the access requirements for themobile device 600 may also vary. For example, in the Mobitex and DataTACdata networks, mobile devices are registered on the network using aunique identification number associated with each device. In GPRS datanetworks, however, network access is associated with a subscriber oruser of the mobile device 600. A GPRS device typically requires asubscriber identity module (“SIM”), which is required in order tooperate the mobile device 600 on a GPRS network. Local or non-networkcommunication functions (if any) may be operable, without the SIM, butthe mobile device 600 will be unable to carry out any functionsinvolving communications over the network 619, other than any legallyrequired operations, such as ‘911’ emergency calling.

After any required network registration or activation procedures havebeen completed, the mobile device 600 may send and receive communicationsignals, preferably including both voice and data signals, over thenetwork 619. Signals received by the antenna 616 from the communicationnetwork 619 are routed to the receiver 612, which provides for suchoperations as signal amplification, frequency down conversion,filtering, channel selection, and analog to digital conversion. Analogto digital conversion of the received signal allows more complexcommunication functions, such as digital demodulation and decoding to beperformed using the DSP 620. In a similar manner, signals to betransmitted to the network 619 are processed, including modulation andencoding, for example, by the DSP 620 and are then provided to thetransmitter 614 for digital to analog conversion, frequency upconversion, filtering, amplification and transmission to thecommunication network 619 via the antenna 618. Although a singletransceiver 611 is shown in FIG. 6 for both voice and datacommunications, it is possible that the mobile device 600 may includetwo distinct transceivers, a first transceiver for transmitting andreceiving voice signals, and a second transceiver for transmitting andreceiving data signals. Multiple transceiver may also be provided in amobile device adapted to operate within more than one communicationnetwork or multiple frequency bands.

In addition to processing the communication signals, the DSP 620 alsoprovides for receiver and transmitter control. For example, the gainlevels applied to communication signals in the receiver 612 andtransmitter 614 may be adaptively controlled through automatic gaincontrol algorithms implemented in the DSP 620. Other transceiver controlalgorithms could also be implemented in the DSP 620 in order to providemore sophisticated control of the transceiver 611.

The microprocessor 638 preferably manages and controls the overalloperation of the mobile device 600. Many types of microprocessors ormicrocontrollers could be used here, or, alternatively, a single DSP 620could be used to carry out the functions of the microprocessor 638.Low-level communication functions, including at least data and voicecommunications, are performed through the DSP 620 in the transceiver611. Other, high-level communication applications, such as a voicecommunication application 624A, and a data communication application624B are stored in the Flash memory 624 for execution by themicroprocessor 638. For example, the voice communication module 624A mayprovide a high-level user interface operable to transmit and receivevoice calls between the mobile device 600 and a plurality of other voicedevices via the network 619. Similarly, the data communication module624B may provide a high-level user interface operable for sending andreceiving data, such as e-mail messages, files, organizer information,short text messages, etc., between the mobile device 600 and a pluralityof other data devices via the network 619. On the mobile device 600, asecure messaging software application, incorporating software modulescorresponding to the messaging system 60 and the proxy system clientmodule 62 or client modules 113 and 111, for example, may operate inconjunction with the data communication module 624B in order toimplement the techniques described above.

The microprocessor 638 also interacts with other device subsystems, suchas the display 622, the Flash memory 624, the RAM 626, the auxiliaryinput/output (I/O) subsystems 628, the serial port 630, the keyboard632, the speaker 634, the microphone 636, the short-range communicationssubsystem 640, and any of the other device subsystems generallydesignated as 642. For example, the modules 624A-N are executed by themicroprocessor 638 and may provide a high-level interface between a userand the mobile device 600. This interface typically includes a graphicalcomponent provided through the display 622, and an input/outputcomponent provided through the auxiliary I/O 628, the keyboard 632, thespeaker 634, or the microphone 636. Such interfaces are designatedgenerally as UI 64 and 114 in FIGS. 3 and 5, respectively.

Some of the subsystems shown in FIG. 6 perform communication-relatedfunctions, whereas other subsystems may provide “resident” or on-devicefunctions. Notably, some subsystems, such as the keyboard 632 and thedisplay 622 are used for both communication-related functions, such asentering a text message for transmission over a data communicationnetwork, and device-resident functions such as a calculator or task listor other PDA type functions.

Operating system software used by the microprocessor 638 is preferablystored in a non-volatile store such as Flash memory 624. In addition tothe operating system and communication modules 624A-N, the Flash memory624 may also include a file system for storing data. A storage area isalso preferably provided in the Flash memory 624 to store digitalcertificates, address book entries and possibly other informationrequired for messaging, shown as data stores 54, 56, and 58 in FIG. 3 orthe data stores 104, 106, and 108 in FIG. 5. The operating system,specific device applications or modules, or parts thereof, may betemporarily loaded into a volatile store, such as RAM 626 for fasteroperation. Moreover, received communication signals may also betemporarily stored to RAM 626, before permanently writing them to a filesystem located in the Flash memory 624.

An exemplary application module 624N that may be loaded onto the mobiledevice 600 is a personal information manager (PIM) application providingPDA functionality, such as calendar events, appointments, and taskitems. This module 624N may also interact with the voice communicationmodule 624A for managing phone calls, voice mails, etc., and may alsointeract with the data communication module 624B for managing e-mailcommunications and other data transmissions. Alternatively, all of thefunctionality of the voice communication module 624A and the datacommunication module 624B may be integrated into the PIM module.

The Flash memory 624 preferably provides a file system to facilitatestorage of PIM data items on the device. The PIM application preferablyincludes the ability to send and receive data items, either by itself,or in conjunction with the voice and data communication modules 624A and624B, via the wireless network 619. The PIM data items are preferablyseamlessly integrated, synchronized and updated, via the wirelessnetwork 619, with a corresponding set of data items stored or associatedwith a host computer system, thereby creating a mirrored system for dataitems associated with a particular user.

Although shown as a Flash memory 624, those skilled in the art willappreciate that other types of non-volatile store, such as a batterybacked-up RAM, for example, could be used in addition to or instead ofthe Flash memory 624.

The mobile device 600 may also be manually synchronized with a computersystem by placing the mobile device 600 in an interface cradle, whichcouples the serial port 630 of the mobile device 600 to the serial portof the computer system. The serial port 630 may also be used to enable auser to set preferences through an external device or softwareapplication, to download other application modules 624N forinstallation, and possibly to load digital certificates onto a mobiledevice. This wired download path may further be used to load anencryption key onto the device, which is a more secure method thanexchanging encryption information via the wireless network 619.

Additional application modules 624N may be loaded onto the mobile device600 through the network 619, through an auxiliary I/O subsystem 628,through the serial port 630, through the short-range communicationssubsystem 640, or through any other suitable subsystem 642, andinstalled by a user in the Flash memory 624 or RAM 626. Such flexibilityin application installation increases the functionality of the mobiledevice 600 and may provide enhanced on-device functions,communication-related functions, or both. For example, securecommunication applications may enable electronic commerce functions andother such financial transactions to be performed using the mobiledevice 600.

When the mobile device 600 is operating in a data communication mode, areceived signal, such as a text message or a web page download, isprocessed by the transceiver 611 and provided to the microprocessor 638,which preferably further processes the received signal for output to thedisplay 622, or, alternatively, to an auxiliary I/O device 628. Adigital certificate received by the transceiver 611, in response to arequest to a PKS or attached to a secure message, for example, may beadded to a digital certificate store in the Flash memory 624 if it hasnot already been stored. Validity and/or revocation status of such adigital certificate may also be checked as described above. A user ofmobile device 600 may also compose data items, such as e-mail messages,using the keyboard 632, which is preferably a complete alphanumerickeyboard laid out in the QWERTY style, although other styles of completealphanumeric keyboards such as the known DVORAK style may also be used.User input to the mobile device 600 is further enhanced with a pluralityof auxiliary I/O devices 628, which may include a thumbwheel inputdevice, a touchpad, a variety of switches, a rocker input switch, etc.The composed data items input by the user may then be transmitted overthe communication network 619 via the transceiver 611.

When the mobile device 600 is operating in a voice communication mode,the overall operation of the mobile device 600 is substantially similarto the data mode, except that received signals are preferably output tothe speaker 634 and voice signals for transmission are generated by amicrophone 636. In addition, the secure messaging techniques describedabove might not necessarily be applied to voice communications.Alternative voice or audio I/O subsystems, such as a voice messagerecording subsystem, may also be implemented on the mobile device 600.Although voice or audio signal output is preferably accomplishedprimarily through the speaker 634, the display 622 may also be used toprovide an indication of the identity of a calling party, the durationof a voice call, or other voice call related information. For example,the microprocessor 638, in conjunction with the voice communicationmodule 624A and the operating system software, may detect the calleridentification information of an incoming voice call and display it onthe display 622.

The short-range communications subsystem 640 may include an infrareddevice and associated circuits and components, or a short-range wirelesscommunication module such as a Bluetooth™ module or an 802.11 module toprovide for communication with similarly-enabled systems and devices.Those skilled in the art will appreciate that “Bluetooth” and “802.11”refer to sets of specifications, available from the Institute ofElectrical and Electronics Engineers, relating to wireless personal areanetworks and wireless LANs, respectively.

It will be appreciated that the above description relates to preferredembodiments by way of example only, as many other variations andexamples may occur to those skilled in the art. For example, althoughdigital certificate status checking according to aspects of the systemand method are described primarily in the context of a wireless mobilecommunication device, the system and method are also applicable tomessaging clients operating on other platforms, including thoseoperating on desktop and laptop computer systems, networked computerworkstations and other types of messaging clients for which digitalcertificate checks involving remote systems may be desired.

The above description also relates primarily to OCSP, although otherprotocols may similar be optimized through an intermediate proxy systemwhich operates in conjunction with both remote systems and proxy systemclient modules. Such other protocols are not limited to digitalcertificate status check protocols. A proxy system and proxy systemclient modules may be configured to provide other services than digitalcertificate status check services.

FIG. 7 is a block diagram illustrating a multiple messaging schemeutilizing an intermediate computer system. As shown in FIG. 7, the proxysystem may in general be an intermediate computer system 700 disposedbetween the mobile device 702 and status information providers (704,706, 708). The intermediate computer system 700 exchanges data with themobile device 702 and status information providers (704, 706, 708) vianetwork connections 710, 712. In addition to data communications, theintermediate computer system 700 may perform proxy server functions,such as security, administrative control, and caching.

The intermediate computer system 700 uses a status information providerdata structure 720 in determining which status information providers areto receive a service request. A service request asks a statusinformation provider to provide the status information. The datastructure 720 may be populated with provider information that was sentby the mobile device 702. There are many other ways for populating thedata structure 720 with provider information. For example, a mappingtable may be stored in the data structure 720 which maintains acorrespondence between digital certificate issuers and serial numbersand/or subject names. In this example, the intermediate computer system700 may format requests for the status information providers based ononly a serial number or subject name sent from the mobile device 702.

A service message handler 730 is used by the intermediate computersystem 700 to generate multiple service requests 732 based upon arequest received from the mobile device 702. Each of the generatedservice requests corresponds to a status information provider and asksfor status information from a provider. At least one of the responsesfrom the status information providers (704, 706, 708) is used in replyto the mobile device's request for status information.

Still further examples of the wide scope of the systems and methodsdisclosed herein are illustrated in FIGS. 8-10. FIGS. 8-10 describeadditional uses of the systems and methods within different exemplarycommunication systems.

FIG. 8 is a block diagram showing a communication system. In FIG. 8,there is shown a computer system 802, a WAN 804, corporate LAN 806behind a security firewall 808, wireless infrastructure 810, wirelessnetworks 812 and 814, and mobile devices 816 and 818. The corporate LAN806 includes a message server 820, a wireless connector system 828, adata store 817 including at least a plurality of mailboxes 819, adesktop computer system 822 having a communication link directly to amobile device such as through physical connection 824 to an interface orconnector 826, and a wireless VPN router 832. Operation of the system inFIG. 8 is described below with reference to the messages 833, 834 and836.

The computer system 802 is, for example, a laptop, desktop or palmtopcomputer system configured for connection to the WAN 804. Such acomputer system may connect to the WAN 804 via an ISP or ASP.Alternatively, the computer system 802 may be a network-connectedcomputer system that, like the computer system 822 for example, accessesthe WAN 804 through a LAN or other network. Many modern mobile devicesare enabled for connection to a WAN through various infrastructure andgateway arrangements, so that the computer system 802 may also be amobile device.

The corporate LAN 806 is an illustrative example of a central,server-based messaging system that has been enabled for wirelesscommunications. The corporate LAN 806 may be referred to as a “hostsystem”, in that it hosts both a data store 817 with mailboxes 819 formessages, as well as possibly further data stores (not shown) for otherdata items, that may be sent to or received from mobile devices 816 and818, and the wireless connector system 828, the wireless VPN router 832,or possibly other components enabling communications between thecorporate LAN 806 and one or more mobile devices 816 and 818. In moregeneral terms, a host system is one or more computers at, with, or inassociation with which a wireless connector system is operating. Thecorporate LAN 806 is one preferred embodiment of a host system, in whichthe host system is a server computer running within a corporate networkenvironment operating behind and protected by at least one securitycommunications firewall 808. Other possible central host systems includeISP, ASP and other service provider or mail systems. Although thedesktop computer system 824 and interface/connector 826 may be locatedoutside such host systems, wireless communication operations may besimilar to those described below.

The corporate LAN 806 implements the wireless connector system 828 as anassociated wireless communications enabling component, which willnormally be a software program, a software application, or a softwarecomponent built to work with at least one message server 820. Thewireless connector system 828 is used to send user-selected informationto, and to receive information from, one or more mobile devices 816 and818, via one or more wireless networks 812 and 814. The wirelessconnector system 828 may be a separate component of a messaging system,as shown in FIG. 8, or may instead be partially or entirely incorporatedinto other communication system components. For example, the messageserver 820 may incorporate a software program, application, or componentimplementing the wireless connector system 828, portions thereof, orsome or all of its functionality.

The message server 820, running on a computer behind the firewall 808,acts as the main interface for the corporation to exchange messages,including for example electronic mail, calendaring data, voice mail,electronic documents, and other PIM data with a WAN 804, such as theInternet. The particular intermediate operations and computers aredependent upon the specific type of message delivery mechanisms andnetworks via which messages are exchanged, and therefore have not beenshown in FIG. 8. The functionality of the message server 820 may extendbeyond message sending and receiving, providing such features as dynamicdatabase storage for data like calendars, to-do lists, task lists,e-mail, and documentation, as described above.

Message servers such as 820 normally maintain a plurality of mailboxes819 in one or more data stores such as 817 for each user having anaccount on the server. The data store 817 includes mailboxes 819 for anumber (“n”) of user accounts. Messages received by the message server820 that identify a user, a user account, a mailbox, or possibly anotheraddress associated with a user, account or mailbox 819, as a messagerecipient is typically stored in the corresponding mailbox 819. If amessage is addressed to multiple recipients or a distribution list, thencopies of the same message may be stored to more than one mailbox 819.Alternatively, the message server 820 may store a single copy of such amessage in a data store accessible to all of the users having an accounton the message server 820, and store a pointer or other identifier ineach recipient's mailbox 819. In typical messaging systems, each userthen accesses his or her mailbox 819 and its contents using a messagingclient such as Microsoft Outlook or Lotus Notes, which normally operateson a PC, such as the desktop computer system 822, connected in the LAN806. Although only one desktop computer system 822 is shown in FIG. 8,those skilled in the art will appreciate that a LAN typically containsmany desktop, notebook, and laptop computer systems. Each messagingclient normally accesses a mailbox 819 through the message server 820,although in some systems, a messaging client may enable direct access tothe data store 817 and a mailbox 819 stored thereon by the desktopcomputer system 822. Messages may also be downloaded from the data store817 to a local data store on the desktop computer system 822.

Within the corporate LAN 806, the wireless connector system 828 operatesin conjunction with the message server 820. The wireless connectorsystem 828 may reside on the same computer system as the message server820, or may instead be implemented on a different computer system.Software implementing the wireless connector system 828 may also bepartially or entirely integrated with the message server 820. Thewireless connector system 828 and the message server 820 are preferablydesigned to cooperate and interact to allow the pushing of informationto the mobile devices 816, 818. In such an installation, the wirelessconnector system 828 is preferably configured to send information thatis stored in one or more data stores associated with the corporate LAN806 to one or more of the mobile devices 816, 818, through the corporatefirewall 808 and via the WAN 804 and one of the wireless networks 812,814. For example, a user that has an account and associated mailbox 819in the data store 817 may also have a mobile device, such as 816. Asdescribed above, messages received by the message server 820 thatidentify a user, account, or mailbox 819 are stored to a correspondingmailbox 819 by the message server 820. If a user has a mobile device,such as 816, messages received by the message server 820 and stored tothe user's mailbox 819 are preferably detected by the wireless connectorsystem 828 and sent to the user's mobile device 816. This type offunctionality represents a “push” message sending technique. Thewireless connector system 828 may instead employ a “pull” technique, inwhich items stored in a mailbox 819 are sent to a mobile device 816 or818 responsive to a request or access operation made using the mobiledevice, or some combination of both techniques.

The use of a wireless connector 828 thereby enables a messaging systemincluding a message server 820 to be extended so that each user's mobiledevice 816, 818 has access to stored messages of the message server 820.Although the systems and methods described herein are not restrictedsolely to a push-based technique, a more detailed description ofpush-based messaging may be found in the United States patent andincorporated by reference above. This push technique uses a wirelessfriendly encoding, compression and encryption technique to deliver allinformation to a mobile device, thus effectively extending the companyfirewall 808 to include the mobile devices 816 and 818.

As shown in FIG. 8, there are several paths for exchanging informationwith a mobile device 816, 818 from the corporate LAN 806. One possibleinformation transfer path is through the physical connection 824 such asa serial port, using an interface or connector 826. This path is usefulfor example for bulk information updates often performed atinitialization of a mobile device 816, 818 or periodically when a userof a mobile device 816, 818 is working at a computer system in the LAN806, such as the computer system 822. For example, as described above,PIM data is commonly exchanged over a such a connection as a serial portconnected to a cradle in or upon which a mobile device 816, 818 may beplaced. The physical connection 824 may also be used to transfer otherinformation from a desktop computer system 822 to a mobile device 816,818, including private security keys (“private keys”) such as privateencryption or digital signature keys associated with the desktopcomputer system 822, or other relatively bulky information such asdigital certificates and CRLs.

Private key exchange using the physical connection 824 and the connectoror interface 826 allows a user's desktop Computer system 822 and mobiledevice 816 or 818 to share at least one identity for accessing allencrypted and/or signed mail. The user's desktop computer system 822 andmobile device 816 or 818 can also thereby share private keys so thateither the host system 822 or the mobile device 816 or 818 can processsecure messages addressed to the user's mailbox or account on themessage server 820. The transfer of digital certificates and CRLs oversuch a physical connection is desirable in that they represent a largeamount of the data that is required for S/MIME, PGP and other public keysecurity methods. A user's own digital certificate, a chain of digitalcertificates used to verify the user's digital certificate, and a CRL,as well as digital certificates, digital certificate chains and CRLs forother users, may be loaded onto a mobile device 816, 818 from the user'sdesktop computer system 822. This loading of other user's digitalcertificates and CRLs onto a mobile device 816, 818 allows a mobiledevice user to select other entities or users with whom they might beexchanging secure messages, and to pre-load the bulky information ontothe mobile device through a physical connection instead of over the air,thus saving time and wireless bandwidth when a secure message isreceived from or to be sent to such other users, or when the status of adigital certificate is to be determined based on one or more CRLs.CRL-based status checks can also be avoided where the systems andmethods described herein are employed.

In known “synchronization” type wireless messaging systems, a physicalpath has also been used to transfer messages from mailboxes 819associated with a message server 820 to mobile devices 816 and 818.

Another method for data exchange with the mobile devices 816 and 818 isover-the-air, through the wireless connector system 828 and using thewireless networks 812 and 814. As shown in FIG. 8, this could involve aWireless VPN router 832, if available in the network 806, or,alternatively, a traditional WAN connection to wireless infrastructure810 that provides an interface to one or more wireless networks such as814. The Wireless VPN router 832 provides for creation of a VPNconnection directly through a specific wireless network 812 to awireless device 816. Such a Wireless VPN router 832 may be used inconjunction with a static addressing scheme. For example, if thewireless network 812 is an IP-based wireless network, then IPV6 wouldprovide enough IP addresses to dedicate an IP address to every mobiledevice 816 configured to operate within the network 812 and thus make itpossible to push information to a mobile device 816 at any time. Aprimary advantage of using a wireless VPN router 832 is that it could bean off-the-shelf VPN component which would not require wirelessinfrastructure 810. A VPN connection may use a TCP/IP or UDP/IPconnection to deliver messages directly to and from a mobile device 816.

If a wireless VPN router 832 is not available, then a link to a WAN 804,normally the Internet, is a commonly used connection mechanism that maybe employed by the wireless connector system 828. To handle theaddressing of the mobile device 816 and any other required interfacefunctions, wireless infrastructure 810 is preferably used. The wirelessinfrastructure 810 may also determine a most likely wireless network forlocating a given user, and track users as they roam between countries ornetworks. In wireless networks such as 812 and 814, messages arenormally delivered to and from mobile devices via RF transmissionsbetween base stations and the mobile devices.

A plurality of connections to wireless networks 812 and 814 may beprovided, including, for example, ISDN, Frame Relay or T1 connectionsusing the TCP/IP protocol used throughout the Internet. The wirelessnetworks 812 and 814 could represent distinct, unique and unrelatednetworks, or they could represent the same network in differentcountries, and may be any of different types of networks, including butnot limited to, data-centric wireless networks, voice-centric wirelessnetworks, and dual-mode networks that can support both voice and datacommunications over the same or similar infrastructure, such as any ofthose described above.

In some implementations, more than one over-the-air information exchangemechanism may be provided in the corporate LAN 806. In FIG. 8 forexample, the mobile devices 816 and 818 associated with users havingmailboxes 819 associated with user accounts on the message server 820are configured to operate on different wireless networks 812 and 814. Ifthe wireless network 812 supports IPv6 addressing, then the wireless VPNrouter 832 may be used by the Wireless connector system 828 to exchangedata with any mobile device 816 operating within the wireless network812. The Wireless network 814 may be a different type of wirelessnetwork, however, such as the Mobitex network, in which case informationis instead exchanged with the mobile device 818 operating within thewireless network 814 via a connection to the WAN 804 and the wirelessinfrastructure 810.

Operation of the system in FIG. 8 will now be described using an exampleof an e-mail message 833 sent from the computer system 802 and addressedto at least one recipient having both an account and mailbox 819 or likedata store associated with the message server 820 and a mobile device816 or 818. However, the e-mail message 833 is intended for illustrativepurposes only. The exchange of other types of information between thecorporate LAN 806 is preferably also enabled by the wireless connectorsystem 828.

The e-mail message 833, sent from the computer system 802 via the WAN804, may be fully in the clear, or signed with a digital signatureand/or encrypted, depending upon the particular messaging scheme used.For example, if the computer system 802 is enabled for secure messagingusing S/MIME, then the e-mail message 833 may be signed, encrypted, orboth.

E-mail messages such as 833 normally use traditional SMTP, RFC822headers and MIME body parts to define the format of the e-mail message.These techniques are all well known to one in the art The e-mail message833 arrives at the message server 820, which determines into whichmailboxes 819 the e-mail message 833 should be stored. As describedabove, a message such as the e-mail message 833 may include a user name,a user account, a mailbox identifier, or other type of identifier thatis mapped to a particular account or associated mailbox 819 by themessage server 820. For an e-mail message 833, recipients are typicallyidentified using e-mail addresses corresponding to a user account andthus a mailbox 819.

The wireless connector system 828 sends or mirrors, via the wirelessnetwork 812 or 814, certain user-selected data items or parts of dataitems from the corporate LAN 806 to the users mobile device 816 or 818,preferably upon detecting that one or more triggering events hasoccurred. A triggering event includes, but is not limited to, one ormore of the following: screen saver activation at a user's networkedcomputer system 822, disconnection of the user's mobile device 816 or818 from the interface 826, or receipt of a command sent from a mobiledevice 816 or 818 to the host system to start sending one or moremessages stored at the host system. Thus, the wireless connector system828 may detect triggering events associated with the message server 820,such as receipt of a command, or with one or more networked computersystems 822, including the screen saver and disconnection eventsdescribed above. When wireless access to corporate data for a mobiledevice 816 or 818 has been activated at the LAN 806, for example whenthe wireless connector system 828 detects the occurrence of a triggeringevent for a mobile device user, data items selected by the user arepreferably sent to the user's mobile device. In the example of thee-mail message 833, assuming that a triggering event has been detected,the arrival of the message 833 at the message server 820 is detected bythe wireless connector system 828. This may be accomplished, forexample, by monitoring or querying mailboxes 819 associated with themessage server 820, or, if the message server 820 is a MicrosoftExchange server, then the wireless connector system 828 may register foradvise syncs provided by the Microsoft Messaging Application ProgrammingInterface (MAPI) to thereby receive notifications when a new message isstored to a mailbox 819.

When a data item such as the e-mail message 833 is to be sent to amobile device 816 or 818, the wireless connector system 828 preferablyrepackages the data item in a manner that is transparent to the mobiledevice 816 or 818, so that information sent to and received by themobile device 816 or 818 appears similar to the information as stored onand accessible at the host system, LAN 806 in FIG. 8. One preferredrepackaging method includes wrapping received messages to be sent via awireless network 812 or 814 in an electronic envelope that correspondsto the wireless network address of the mobile device 816 or 818 to whichthe message is to be sent. Alternatively, other repackaging methodscould be used, such as special-purpose TCP/IP wrapping techniques. Suchrepackaging preferably also results in e-mail messages sent from amobile device 816 or 818 appearing to come from a corresponding hostsystem account or mailbox 819 even though they are composed and sentfrom a mobile device. A user of a mobile device 816 or 818 may therebyeffectively share a single e-mail address between a host system accountor mailbox 819 and the mobile device.

Repackaging of the e-mail message 833 is indicated at 834 and 836.Repackaging techniques may be similar for any available transfer pathsor may be dependent upon the particular transfer path, either thewireless infrastructure 810 or the wireless VPN router 832. For example,the e-mail message 833 is preferably compressed and encrypted, eitherbefore or after being repackaged at 834, to thereby provide for securetransfer to the mobile device 818. Compression reduces the bandwidthrequired to send the message, whereas encryption ensures confidentialityof any messages or other information sent to the mobile devices 816 and818. In contrast, messages transferred via a VPN router 832 might onlybe compressed and not encrypted, since a VPN connection established bythe VPN router 832 is inherently secure. Messages are thereby securelysent, via either encryption at the wireless connector system 828, whichmay be considered a non-standard VPN tunnel or a VPN-like connection,for example, or the VPN router 832, to mobile devices 816 and 818.Accessing messages using a mobile device 816 or 818 is thus no lesssecure than accessing mailboxes at the LAN 806 using the desktopcomputer system 822.

When a repackaged message 834 or 836 arrives at a mobile device 816 or818, via the wireless infrastructure 810, or via the wireless VPN router832, the mobile device 816 or 818 removes the outer electronic envelopefrom the repackaged message 834 or 836, and performs any requireddecompression and decryption operations. Messages sent from a mobiledevice 816 or 818 and addressed to one or more recipients are preferablysimilarly repackaged, and possibly compressed and encrypted, and sent toa host system such as the LAN 806. The host system may then remove theelectronic envelope from the repackaged message, decrypt and decompressthe message if desired, and route the message to the addressedrecipients.

Another goal of using an outer envelope is to maintain at least some ofthe addressing information in the original e-mail message 833. Althoughthe outer envelope used to route information to mobile devices 816, 818is addressed using a network address of one or more mobile devices, theouter envelope preferably encapsulates the entire original e-mailmessage 833, including at least one address field, possibly incompressed and/or encrypted form. This allows original “To”, “From” and“CC” addresses of the e-mail message 833 to be displayed when the outerenvelope is removed and the message is displayed on a mobile device 816or 818. The repackaging also allows reply messages to be delivered toaddressed recipients, with the “From” field reflecting an address of themobile device user's account or mailbox on the host system, when theouter envelope of a repackaged outgoing message sent from a mobiledevice is removed by the wireless connector system 828. Using the user'saccount or mailbox address from the mobile device 816 or 818 allows amessage sent from a mobile device to appear as though the messageoriginated from the user's mailbox 819 or account at the host systemrather than the mobile device.

FIG. 9 is a block diagram of an alternative communication system, inwhich wireless communications are enabled by a component associated withan operator of a wireless network. As shown in FIG. 9, the systemincludes a computer system 802, WAN 804, a corporate LAN 807 locatedbehind a security firewall 808, network operator infrastructure 840, awireless network 811, and mobile devices 813 and 815. The computersystem 802, the WAN 804, the security firewall 808, the message server820, the data store 817, the mailboxes 819, and the VPN router 835 aresubstantially the same as the similarly-labelled components in FIG. 8.However, since the VPN router 835 communicates with the network operatorinfrastructure 840, it need not necessarily be a wireless VPN router inthe system of FIG. 9. The network operator infrastructure 840 enableswireless information exchange between the LAN 807 and the mobile devices813 and 815, respectively associated with the computer systems 842 and852 and configured to operate within the wireless network 811. In theLAN 807, a plurality of desktop computer systems 842 and 852 are shown,each having a physical connection 846 or 856 to an interface orconnector 848 or 858. A wireless connector system 844 or 854 isoperating on or in conjunction with each computer system 842 and 852.

The wireless connector systems 844 and 854 are similar to the wirelessconnector system 828 described above, in that they enable data items,such as e-mail messages and other items that are stored in mailboxes819, and possibly data items stored in a local or network data store, tobe sent from the LAN 807 to one or more of the mobile devices 813 and815. In FIG. 9 however, the network operator infrastructure 840 providesan interface between the mobile devices 813 and 815 and the LAN 807. Asabove, operation of the system shown in FIG. 9 is described below in thecontext of an e-mail message as an illustrative example of a data itemthat may be sent to a mobile device 813 or 815.

When an e-mail message 833, addressed to one or more recipients havingan account on the message server 820, is received by the message server820, the message, or possibly a pointer to a single copy of the messagestored in a central mailbox or data store, is stored in the mailbox 819of each such recipient. Once the e-mail message 833 or pointer has beenstored to a mailbox 819, it may preferably be accessed using a mobiledevice 813 or 815. In the example shown in FIG. 9, the e-mail message833 has been addressed to the mailboxes 819 associated with both desktopcomputer systems 842 and 852 and thus both mobile devices 813 and 815.

As those skilled in the art will appreciate, communication networkprotocols commonly used in wired networks such as the LAN 807 and/or theWAN 804 are not suitable or compatible with wireless networkcommunication protocols used within wireless networks such as 811. Forexample, communication bandwidth, protocol overhead, and networklatency, which are primary concerns in wireless network communications,are less significant in wired networks, which typically have much highercapacity and speed than wireless networks. Therefore, mobile devices 813and 815 cannot normally access the data store 817 directly. The networkoperator infrastructure 840 provides a bridge between the wirelessnetwork 811 and the LAN 807.

The network operator infrastructure 840 enables a mobile device 813 or815 to establish a connection to the LAN 807 through the WAN 804, andmay, for example, be operated by an operator of the wireless network 811or a service provider that provides wireless communication service formobile devices 813 and 815. In a pull-based system, a mobile device 813or 815 establishes a communication session with the network operatorinfrastructure 840 using a wireless network compatible communicationscheme, preferably a secure scheme such as Wireless Transport LayerSecurity (WTLS) when information should remain confidential, and awireless web browser such as a Wireless Application Protocol (WAP)browser. A user then requests, through manual selection or pre-selecteddefaults in the software residing in the mobile device, any or allinformation, or just new information, for example, stored in a mailbox819 in the data store 817 at the LAN 807. The network operatorinfrastructure 840 establishes a connection or session with a wirelessconnector system 844, 854, using Secure Hypertext Transfer Protocol(HTTPS), for example, if no session has already been established. Asabove, a session between the network operator infrastructure 840 and awireless connector system 844 or 854 may be made via a typical WANconnection or through the VPN router 835 if available. When time delaysbetween receiving a request from a mobile device 813 or 815 anddelivering requested information back to the device are to be minimized,the network operator infrastructure 840 and the wireless connectorsystems 844 and 854 may be configured so that a communication connectionremains open once established.

In the system of FIG. 9, requests originating from mobile device A 813and B 815 would be sent to the wireless connector systems 844 and 854,respectively. Upon receiving a request for information from the networkoperator infrastructure 840, a wireless connector system 844 or 854retrieves requested information from a data store. For the e-mailmessage 833, the wireless connector system 844 or 854 retrieves thee-mail message 833 from the appropriate mailbox 819, typically through amessaging client operating in conjunction with the computer system 842or 852, which may access a mailbox 819 either via the message server 820or directly. Alternatively, a wireless connector system 844 or 854 maybe configured to access mailboxes 819 itself, directly or through themessage server 820. Also, other data stores, both network data storessimilar to the data store 817 and local data stores associated with eachcomputer system 842 and 852, may be accessible to a wireless connectorsystem 844 or 854, and thus to a mobile device 813 or 815.

If the e-mail message 833 is addressed to the message server accounts ormailboxes 819 associated with both computer systems 842 and 852 anddevices 813 and 815, then the e-mail message 833 is sent to the networkoperator infrastructure 840 as shown at 860 and 862, which then sends acopy of the e-mail message to each mobile device 813 and 815, asindicated at 864 and 866. Information is transferred between thewireless connector systems 844 and 854 and the network operatorinfrastructure 840 via either a connection to the WAN 804 or the VPNrouter 835. When the network operator infrastructure 840 communicateswith the wireless connector systems 844 and 854 and the mobile devices813 and 815 via different protocols, translation operations may beperformed by the network operator infrastructure 840. Repackagingtechniques may also be used between the wireless connector systems 844and 854 and the network operator infrastructure 840, and between eachmobile device 813 and 815 and the network operator infrastructure 840.

Messages or other information to be sent from a mobile device 813 or 815may be processed in a similar manner, with such information first beingtransferred from a mobile device 813 or 815 to the network operatorinfrastructure 840. The network operator infrastructure 840 then sendsthe information to a wireless connector system 844 or 854 for storage ina mailbox 819 and delivery to any addressed recipients by the messageserver 820, for example, or may alternatively deliver the information tothe addressed recipients.

The above description of the system in FIG. 9 relates to pull-basedoperations. The wireless connector systems 844 and 854 and the networkoperator infrastructure may instead be configured to push data items tomobile devices 813 and 815. A combined push/pull system is alsopossible. For example, a notification of a new message or a list of dataitems currently stored in a data store at the LAN 807 could be pushed toa mobile device 813 or 815, which may then be used to request messagesor data items from the LAN 807 via the network operator infrastructure840.

If mobile devices associated with user accounts on the LAN 807 areconfigured to operate within different wireless networks, then eachwireless network may have an associated wireless network infrastructurecomponent similar to 840.

Although separate, dedicated wireless connector systems 844 and 854 areshown for each computer system 842 and 852 in the system of FIG. 9, oneor more of the wireless connector systems 844 and 854 is preferablyconfigured to operate in conjunction with more than one of the computersystems 842 and 852, or to access a data store or mailbox 819 associatedwith more than one computer system. For example, the wireless connectorsystem 844 may be granted access to the mailboxes 819 associated withboth the computer system 842 and the computer system 852. Requests fordata items from either mobile device A 813 or B 815 are then processedby the wireless connector system 844. This configuration is useful toenable wireless communications between the LAN 807 and the mobiledevices 813 and 815 without requiring a desktop computer system 842 and852 to be running for each mobile device user. A wireless connectorsystem may instead be implemented in conjunction with the message server820 to enable wireless communications.

FIG. 10 is a block diagram of another alternative communication system.The system includes a computer system 802, WAN 804, a corporate LAN 809located behind a security firewall 808, an access gateway 880, a datastore 882, wireless networks 884 and 886, and mobile devices 888 and890. The computer system 802, the WAN 804, the security firewall 808,the message server 820, the data store 817, the mailboxes 819, thedesktop computer system 822, the physical connection 824, the interfaceor connector 826 and the VPN router 835 are substantially the same asthe corresponding components described above. The access gateway 880 anddata store 882 provide mobile devices 888 and 890 with access to dataitems stored at the LAN 809. In FIG. 10, a wireless connector system 878operates on or in conjunction with the message server 820, although awireless connector system may instead operate on or in conjunction withone or more desktop computer systems 822 in the LAN 809.

The wireless connector system 878 provides for transfer of data itemsstored at the LAN 809 to one or more of the mobile devices 888 and 890.These data items preferably include e-mail messages stored in mailboxes819 in the data store 817, as well as possibly other items stored in thedata store 817 or another network data store or a local data store of acomputer system such as 822.

As described above, an e-mail message 833 addressed to one or morerecipients having an account on the message server 820 and received bythe message server 820 are stored into the mailbox 819 of each suchrecipient. In the system of FIG. 10, the external data store 882preferably has a similar structure to, and remains synchronized with,the data store 817. PIM information or data stored at data store 882preferably is independently modifiable to the PIM information or datastored at the host system. In this particular configuration, theindependently modifiable information at the external data store 882 maymaintain synchronization of a plurality of data stores associated with auser (i.e., data on a mobile device, data on a personal computer athome, data at the corporate LAN, etc.). This synchronization may beaccomplished, for example, through updates sent to the data store 882 bythe wireless connector system 878 at certain time intervals, each timean entry in the data store 817 is added or changed, at certain times ofday, or when initiated at the LAN 809, by the message server 820 or acomputer system 822, at the data store 882, or possibly by a mobiledevice 888 or 890 through the access gateway 880.

In the case of the e-mail message 833, for example, an update sent tothe data store 882 some time after the e-mail message 833 is receivedindicates that the message 833 has been stored in a certain mailbox 819in the store 817, and a copy of the e-mail message is stored to acorresponding storage area in the data store 882. When the e-mailmessage 833 has been stored in the mailboxes 819 corresponding to themobile devices 888 and 890, one or more copies of the e-mail message,indicated at 892 and 894 in FIG. 10, will be sent to and stored incorresponding storage areas or mailboxes in the data store 882. Asshown, updates or copies of stored information in the data store 817 maybe sent to the data store 882 via a connection to the WAN 804 or the VPNrouter 835. For example, the wireless connector system 878 may postupdates or stored information to a resource in the data store 882 via anHTTP post request. Alternatively, a secure protocol such as HTTPS orSecure Sockets Layer (SSL) may be used. Those skilled in the art willappreciate that a single copy of a data item stored in more than onelocation in a data store at the LAN 809 may instead be sent to the datastore 882. This copy of the data item could then be stored either inmore than one corresponding location in the data store 882, or a singlecopy may be stored in the data store 882, with a pointer or otheridentifier of the stored data item being stored in each correspondinglocation in the data store 882.

The access gateway 880 is effectively an access platform, in that itprovides mobile devices 888 and 890 with access to the data store 882.The data store 882 may be configured as a resource accessible on the WAN804, and the access gateway 880 may be an ISP system or WAP gatewaythrough which mobile devices 888 and 890 connect to the WAN 804. A WAPbrowser or other browser compatible with the wireless networks 884 and886 may then be used to access the data store 882, which is synchronizedwith the data store 817, and download stored data items eitherautomatically or responsive to a request from a mobile device 888 or890. As shown at 896 and 898, copies of the e-mail message 833, whichwas stored in the data store 817, are sent to the mobile devices 888 and890. A data store on each mobile device 888 and 890 is therebysynchronized with a portion, such as a mailbox 819, of a data store 817on a corporate LAN 809. Changes to a mobile device data store aresimilarly reflected in the data stores 882 and 817.

The embodiments described herein are examples of structures, systems ormethods having elements corresponding to the elements of the inventionrecited in the claims. This written description may enable those ofordinary skill in the art to make and use embodiments having alternativeelements that likewise correspond to the elements of the inventionrecited in the claims. The intended scope of the invention thus includesother structures, systems or methods that do not differ from the literallanguage of the claims, and further includes other structures, systemsor methods with insubstantial differences from the literal language ofthe claims.

It is claimed as the invention:
 1. A method of accessing multipledigital certificate status information providers to obtain digitalcertificate status information, comprising: receiving a request fordigital certificate status information for a particular digitalcertificate from a communication device; generating multiple servicerequests based upon the received request, each of the multiple servicerequests corresponding to a digital certificate status informationprovider; sending the generated multiple service requests to theircorresponding digital certificate status information providers;receiving a plurality of responses comprising digital certificate statusinformation from the digital certificate status information providers;ranking the received responses to the multiple service requests fordigital certificate status information for a particular digitalcertificate based upon the digital certificate status informationproviders associated with the received responses; based upon theranking, using at least one of the received responses to generate adigital certificate status response to the request for digitalcertificate status information; and sending to the communication devicethe generated digital certificate status response in response to therequest from the communication device.
 2. The method of claim 1, whereinthe request includes a list of status information providers to which aservice request is to be sent.
 3. The method of claim 2, wherein therequest includes a ranking list that specifies an order of preferencebetween subsequent responses from the status information providers. 4.The method of claim 2, wherein the list of status information providersis arranged in order of preference between subsequent responses from thestatus information providers.
 5. The method of claim 1, wherein thegenerated digital certificate status response is utilized in processinga secure message at the communication device.
 6. The method of claim 5,wherein the secure message comprises a digital signature.
 7. The methodof claim 6, wherein the secure message was signed using SecureMultipurpose Internet Mail Extensions (S/MIME) techniques.
 8. The methodof claim 6, wherein the secure message was signed using Pretty GoodPrivacy (PGP) techniques.
 9. The method of claim 6, wherein the securemessage comprises an e-mail message.
 10. The method of claim 6, whereinthe secure message further comprises a chained digital certificate,wherein status information for the digital certificate and the chaineddigital certificate is requested in the request, and wherein thegenerated digital certificate status response comprises a statusindicator for the digital certificate and the chained digitalcertificate.
 11. The method of claim 1, wherein the request comprisesidentification information identifying a target digital certificate forwhich digital certificate status information is requested, wherein theresponse from the at least one of the digital certificate statusinformation providers comprises status information for the targetdigital certificate, and wherein the generated digital certificatestatus response comprises a status indicator for the target digitalcertificate.
 12. The method of claim 11, wherein the status indicatorcomprises one of: a valid indicator, a revoked indicator, and an unknownindicator.
 13. The method of claim 12, wherein the target digitalcertificate comprises a signature key for verifying a digital signaturein a secure message received at the communication device when the statusindicator is the valid indicator, determining whether the statusindicator is the valid indicator; and verifying the digital signatureusing the signature key where the status indicator is the validindicator.
 14. The method of claim 13, wherein the secure message is amessage that has been signed and then encrypted.
 15. The method of claim13, wherein the secure message is a message that has been encrypted andthen signed.
 16. The method of claim 13, wherein the secure messagefurther comprises the target digital certificate.
 17. The method ofclaim 12, wherein the target digital certificate comprises acryptographic key for processing a message to be sent from thecommunication device when the status indicator is the valid indicator,wherein whether the status indicator is the valid indicator isdetermined; and wherein a message to be sent from the communicationdevice is processed using the cryptographic key where the statusindicator is the valid indicator.
 18. The method of claim 17, whereinthe message to be sent is processed by encrypting the message using asession key; and encrypting the session key using the cryptographic key.19. The method of claim 17, wherein the message to be sent is processedby encrypting the message to be sent using the cryptographic key. 20.The method of claim 17, wherein the cryptographic key is a public keycorresponding to a private key of an intended recipient of the message.21. The method of claim 1, wherein a request for digital certificatestatus information for a digital certificate in a secure message isreceived after the communication has received the secure messagecomprising the digital certificate and generated the request for digitalcertificate status information.
 22. The method of claim 1, wherein therequest for digital certificate status information is generated at thecommunication device at predetermined time intervals.
 23. The method ofclaim 22, wherein the predetermined time intervals are configurable atthe communication device.
 24. The method of claim 1, wherein digitalcertificate checking operations are invoked through a user interface ofthe communication device; and wherein the request for digitalcertificate status information is generated at the communication devicein response to the invoking.
 25. The method of claim 1, wherein therequest comprises a revocation status request for a digital certificatestored at the communication device.
 26. The method of claim 25, whereinthe generated multiple service requests that are sent to correspondingdigital certificate status information providers comprise revocationstatus information requests.
 27. The method of claim 1, wherein statusinformation for a plurality of digital certificates is requested in therequest, and wherein the generated digital certificate status responsecomprises a status indicator for each of the plurality of digitalcertificates.
 28. The method of claim 27, wherein each of the multipleservice requests comprises a status information request for at least oneof the plurality of digital certificates.
 29. The method of claim 28,wherein each of the multiple service requests comprises a statusinformation request for the plurality of digital certificates.
 30. Themethod of claim 1, wherein the multiple service requests and eachresponse from the digital certificate status information providersconform to Online Certificate Status Protocol (OCSP).
 31. The method ofclaim 1, wherein generating a digital certificate status response to therequest comprises: determining whether any of the responses from thestatus information providers contain digital certificate statusinformation; and generating a digital certificate status responsecomprising an error message where none of the responses from the statusinformation providers contain digital certificate status information.32. The method of claim 1, wherein generating a digital certificatestatus response to the request comprises: detecting receipt of a firstdefinitive response from one of the status information providers; andgenerating a digital certificate status response to the request using atleast a portion of the first definitive response.
 33. The method ofclaim 1, wherein generating the digital certificate status response tothe request comprises: selecting a response from one of the statusinformation providers based on predetermined selection criteria; andgenerating a digital certificate status response to the request using atleast a portion of the selected response.
 34. The method of claim 33,wherein the selection criteria comprise a status information providerranking list.
 35. The method of claim 1, wherein the communicationdevice is selected from the group consisting of: a handheldcommunication device, a data communication device, a voice communicationdevice, a dual-mode communication device, a mobile telephone with datacommunication capabilities, a personal digital assistant (PDA) enabledfor wireless communications, a two-way pager, and a wireless modem. 36.A proxy computer system for accessing multiple digital certificateinformation providers to obtain digital certificate status information,comprising: a data processor; a memory encoded with instructions forcommanding the data processor to perform acts including: receiving arequest for digital certificate status information for a particulardigital certificate from a communication device; generating multipleservice requests based upon the received request, each of the multipleservice requests corresponding to a digital certificate statusinformation provider; sending the generated multiple service requests totheir corresponding digital certificate status information providers;receiving a plurality of responses comprising digital certificate statusinformation from the digital certificate status information providers;ranking the received responses to the multiple service requests fordigital certificate status information for a particular digitalcertificate based upon the digital certificate status informationproviders associated with the received responses; based upon theranking, using at least one of the received responses to generate adigital certificate status response to the request for digitalcertificate status information; and sending to the communication devicethe generated digital certificate status response in response to therequest from the communication device.
 37. The system of claim 36,wherein the proxy computer system is configured to generate the multipleservice requests based upon the received request and upon informationstored locally at the proxy computer system.
 38. The system of claim 36,wherein the generating a digital certificate status response to therequest comprises: determining whether the received digital certificatestatus information comprises a signed portion; and generating a digitalcertificate status response comprising the signed portion without anunsigned portion.
 39. The system of claim 36, wherein the communicationdevice comprises a proxy system client component, wherein the proxycomputer system comprises a proxy system service component, and whereinthe proxy system service component is configured to exchange informationwith the proxy system client component to obtain digital certificatestatus information.
 40. The system of claim 39, wherein thecommunication device comprises multiple proxy system client components,and wherein each of the proxy system client components is adapted tocollect request information and to process response information for adifferent digital certificate status check protocol.
 41. The system ofclaim 40, wherein the request information collected by the proxy systemclient components is combined into the request and sent to the proxycomputer system, and wherein the proxy system service component extractsinformation from the request to generate the multiple service requests.42. The system of claim 39, wherein the proxy computer system comprisesstatus provider client components which exchange information withdifferent status information providers to obtain digital certificatestatus information.
 43. The system of claim 42, wherein the proxy systemclient component includes information required by the status providerclients in the request only once.
 44. The system of claim 42, whereinthe memory is further encoded with instructions for commanding the dataprocessor to perform the acts of: selecting a digital certificate on thecommunication device for which digital certificate status information isto be requested, wherein the proxy system client component extractsrequest information required by a proxy system service component fromthe selected digital certificate.
 45. The system of claim 42, whereinthe proxy system client component is configured to collect requestinformation comprising a unique identifier for each digital certificatefor which digital certificate status information is requested, whereinthe proxy computer system comprises a mapping table which containsassociations between digital certificate issuers and unique identifiers,and wherein the association is used in generating the multiple servicerequests.
 46. The system of claim 45, wherein the request informationfurther comprises a list of status information providers, and whereinthe proxy computer system generates and sends a service request to eachstatus information provider in the list of status information providers.47. The system of claim 46, wherein each unique identifier comprises adigital certificate serial number.
 48. The system of claim 46, whereineach unique identifier comprises digital certificate subject name. 49.The system of claim 46, wherein a status provider client componentformats a service request for its corresponding status informationprovider based on a unique identifier received by the proxy systemservice component from the proxy system client component.
 50. The systemof claim 42, wherein the proxy computer system generates and sends aservice request to each status information provider for which a statusprovider client component has been implemented.
 51. The system of claim42, wherein the proxy computer system generates and sends a servicerequest to each status information provider in a list of statusinformation providers stored at the proxy computer system.
 52. Thesystem of claim 42, wherein the proxy computer system provides aninterface between the communication device and status informationproviders.
 53. The method of system 52, wherein requests and responsesbetween the proxy system client component and proxy system servicecomponent conform to a different communication protocol than a protocolused between the status provider client components and theircorresponding status information providers.
 54. The system of claim 53,wherein the communication protocol between the status provider clientcomponents and their corresponding status information providers isOnline Certificate Status Protocol (OCSP), and wherein the communicationprotocol between the proxy system client component and the proxy systemservice component supports a more compact protocol involving less dataexchange than OCSP.
 55. The system of claim 54, wherein thecommunication device comprises multiple proxy system client components,and wherein the proxy computer system comprises multiple proxy systemservice components.
 56. The system of claim 36, wherein the proxycomputer system sends an error message to the communication device whenthe request contains insufficient information for the proxy computersystem to generate the multiple service requests.
 57. The system ofclaim 36, wherein the proxy computer system is connected to thecommunication device via a network connection.
 58. The system of claim57, wherein the network connection between the proxy computer system andthe communication device comprises a wireless gateway and a wirelessnetwork connection.
 59. The system of claim 58, wherein the networkconnection between the proxy computer system and the communicationdevice further comprises a wide area network.
 60. The system of claim57, wherein the network connection between the proxy computer system andthe communication device comprises a virtual private network.
 61. Thesystem of claim 36, wherein the proxy computer system is connected tothe status information providers via a wide area network.
 62. Anapparatus for accessing multiple digital certificate status informationproviders to obtain digital certificate status information for acommunication device, comprising: means for receiving a requestregarding digital certificate status information for a particulardigital certificate from the communication device; means for generatingmultiple service requests based upon the received request, eachgenerated service request corresponding to a digital certificate statusinformation provider; means for sending the generated multiple servicerequests to their corresponding status information providers over acomputer network; means for receiving over a computer network a responsefrom at least one of the status information providers, means fordetermining whether any of the responses from the status informationproviders contain digital certificate status information; wherein thestatus information response includes an error message where none of theresponses from the status information providers contain digitalcertificate status information; means for sending to the communicationdevice a digital certificate status response in response to the requestfrom the communication device; wherein the digital certificate statusresponse is generated using at least one of the received responsesaccording to a ranking of the received responses to the multiple servicerequests for digital certificate status information for a particulardigital certificate based upon the digital certificate statusinformation providers associated with the received responses.